UNITED STATES 

SECURITIES AND EXCHANGE COMMISSION 

WASHINGTON. D.C. 20549 



ecEcunvc oiitEcroR 


March 15,2002 


Ms. Laura Kimberly 
Acting Director 

Information Security Oversight Office 
National Archives and Records Administration 
700 Pennsylvania Avenue, N.W, 

Washington, D.C. 20408 


^T-^ ~rir i ip i l i t a m 11 II 

RECEIVED 

NOV 05 2018 

Office of 
FOIA Services 


Dear Ms. Kimberly: 

Enclosed is the Securities and Exchai^e Commission’s (SEC) ‘‘Report 
on Cost Estimates for Security Classification,” The SEC has minimal 
involvement with classified information and is primarily a holder of classified 
material. None of the agency’s staff is dedicated to security classification 
activities on a full-time basis. 


Questi ons concern ing this response should be directed to Darlene Pryor 
of my staff at 


(b)(6) 


Enclosure 


Sincerely, 
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Physical Security Costs — Costs in this area relate to the SEC's contingency planning efforts. 
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UNITED STATES 

SECURITIES AND EXCHANGE COMMISSION 

WASHINGTON. D C. 205A9 


March 21, 2003 


Ms. Laura L.S. Kimberly 
Associate Director for Policy 
Information Security Oversight Office 
National Archives and Records Administration 
700 Pennsylvania Avenue, N.W. 

Washir^on, D.C, 20408 


Dear Ms. Kimberly: 


Enclosed is the Securities and Exchange Commission’s (SEC) ”2004 
Security Costs Estimates Display”, The SEC has minimal involvement with 
classified information and is primarily a holder of classified material. None of the 
agency’s staff is dedicated to security classification activities on a full-time basis 


If you have any questio ns concerning this response, please contact Darlene 


Pryor of my staff at 


{b)(6) 
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UNITED STATES 

SECURITIES AND EXCHANGE COMMISSION 

WASHINGTON, D.C. 20549 



EXECUTIVE director 


March 30,2004 


Ms. Laura L.S. Kimberly 
Associate Director for Policy 
Information Security Oversight Office 
National Archives and Records Administration 
700 Pennsylvania Avenue, N.W. 

Washington, D.C. 20408 


Dear Ms, Kimberly: 


Enclosed is the Securities and Exchange Commission’s (SEC) “2005 
Security Costs Estimates Display’^ The SEC has minimal involvement with 
classified information and is primarily a holder of classified material. None of the 
agency’s staff is dedicated to security classification activities on a full-time basis. 


If you have any question s concerning this response, please contact Darlene 


Pryor of my staff at 


{b){6) 



Enclosure 



2005 Security Costs Estimates Disola 



llie src has minimal involvement with classified information and is primarily a holder of classified 
mterial. None of the agency's staff is dedicated to security classification activities on a 
full-time basis- 































EXBJin'IVE nRECIOR 


UNITED STATES 

SECURITIES AND EXCHANGE COMMISSION 

WASHINGTON. D C. 20549 


March 24,2005 


Mr, J. William Leonard 
Director 

Information Security Oversight Office 
National Archives and Records Administration 
700 Pennsylvania Avenue, N.W. 

Washington, D.C. 20408 


Dear Mr. Leonard: 


Enclosed is the Securities and Exchange Commission’s (SEC) FY 2006 
Security Costs Estimates Display. The SEC has minimal involvement with 
classified information and is primarily a holder of classified material. None of the 
agency’s staff is dedicated to security classification activities on a fiill-ttme basis. 


If you have questio ns concerning this response, please contact Darlene 


Pryor of my staff at (b)(6) 


Sincerely, 



: M. McConnell 
Executive Director 



Enclosure 



FY 2006 Security Cost Estimates Display 

Name of Department/A^encv: Se<^ities and Exchange CoTinission 


(Ptcase use a<;Ujal dollar flfluties instead of thousands,) 


Reporting Categories 

FY 2004 

FY 2005 

FY 2006 

1. Personnel Security 

$8,835 

$10,000 

$10,000 

2. Physical Security 




3, Information Security 

wmmmm 


1 

I 

(a.) Classification Management 




(b^) Declass iftca Hon 




(cj Information Systems Security for Classified Information 




(d.) Misc&llanenus (OPSEC & TSCM) 




{€.) Information Security Subtotal 

(Sum of 3.a., J.t., 5.^.* it 3.d.} 




4, Professional Education, Training and Awareness 




5* Security Management, Oversight and Planning 




6. Unique Items 




Totals: Fiscal Year Estimates 

(Sum of L 2, 3(c0.4.5, &a) 

$8,835 

$10,000 

$10,000 


NARRATIVE: 

The SEC has rtiinijnal involveinent with classified infonration and is primarily a 
holder of classified rteterial. None of the agency's staff is dedicated to 
security classification activities on a full-time basis. 












exGcunvEURECTDft 


UNITED STATES 

SECURITIES AND EXCHANGE COMMISSION 

WASHINGTON, DC. 20549 


March 30, 2006 


Mr. J. William Leonard 
Director 

Information Security Oversight Office 
National Archives and Records Administration 
700 Pennsylvania Avenue, N.W. 

Washington, D.C. 20408 

Dear Mr, Leonard: 


Enclosed is the Securities and Exchange Commission’s (SEC) FY 2007 
Security Costs Estimates Display. The SEC has minimal involvement vnth 
classified information and is primarily a holder of classified material. None of the 
agency’s staff is dedicated to security classification activities on a full-time basis. 


If you have any questions co ncerning this response, please contact Darlene 


Pryor of my staff at {b)(6) 


Sincerely, 



Enclosure 



,A?R T 20D6 



Security Costs Estimates Display 


Name of Department/Agency: 


U-S, Securities and Exchange Ccnmission 


(Ptease use actual dollar flaure& instead of thousands) 


Reporting Categories 

FY2005 

1 

FY 2006 

FY2007 

1. Personnel Security 

$11,030 

$20,000 

$30,000 

2. Physical Security 




3. Information Security 




{a.) Classification Management 




(b.) Declassification 




(c.) Information Systems Security for ClassITted Information 




(d.) Miscellaneous (OPSBC & TSCM) 




(e,) information Security Sub-Total 

fSumof3-a., 3.£i., 3.C., & 3,tfJ ' 




4. Professional Education, Training and Awareness 




5. Security Management, Oversight and Planning 




6. Unique Items 




Totals: Fiscal Year Estimates 

(Sumof 1.2. 3{e.). 4. 5. & 6.) 

$11,030 

$20,000 

$30,000 


NARRATIVE: The SBC has minimi involvement with classified information and is 

primarily a holder of classified mterial. None of the agency's staff is dedicated 
to security classification activities on a full-time basis- 
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EXEC in'! VE DIRECTOR 


UNITED STATES 

SECURITIES AND EXCHANGE COMMISSION 
WASHINGTON. D C. 205<1S 


April 5, 2007 


Mr. J. William Leonard 
Director 

Information Security Overs i^t Office 
National Archives and Records Administration 
700 Pennsylvania Avenue, N.W, 

Washington, D.C. 20408 

Dear Mr. r.>eonard: 


Enclosed is the Securities and Exchange Commission’s (SEC) FY 2006 
Security Costs Estimates Display. The SEC has minimal involvement with 
classified information and is primarily a holder of classified material. None of the 
agency’s staff is dedicated to security classification activities on a full-time basis. 


If you have any questions concerning this response, please 


Pryor of my staff at 


(b){6) 


contact Darlene 



Enclosure 



Security Costs Estimates Display 

Name of Department/Agency:__ U.S. Securities and Exchange Comnission 


(PIcajic use actual dollar figures instead of thousands) 


Reporting Categories 

FY 2006 

1. Personnel Security 

$15,925 

2. Physical Security 


3. Information Security 


(a.j Cfassification Management 


(b.) Dedassification 


(c.) information Systems Secunty for CfassifJed information 

1 


(d.) Miscotlaneous (OPSEC & TSCM) ' 


(e,) information Security Sub-Total 

(Sumof3.a., & 3.d) 


4. Professional Education, Training and Awareness 


5, Security Management, Oversight and Planning 


6. Unique items 


Totals; Fiscal Year Estimates 

(Sum of 1,2, 3(0.). 4. 5. & G.) 

$15,925 


NARRATIVE: 

The SEC has limited involvement with classified material. SEC is primarily a 
holder of classified information. None of the agency's staff is dedicated to 
security classification activities on a full-time basis. 







UNrrEO STATES 

SECURTTIES AND EXCHANGE COMMISSION 

WASHINGTON, D;C. 20549 



CfKt OFTHt 



March 28,2008 


Mr, William J. Bosanko 
Acting Director 

information Security Oversight Office 
National Archives and Records Administration 
700 Pennsylvania Avenue, N.W. 

Washington, D.C. 20408 


Dear Mr. Bosanko: 


In connection with the reporting requirements of Executive Order 12598, as 
amended, “Classified National Security Information,” and Executive Order 12829, 
“National Industrial Security Program,” enclosed is the U. S, Securities and Exchange 
Commission (SEC) estimated security costs for fiscal year (FY) 2007, associated with the 
protectio'n'of classified information. 


As requested by your office, these costs are being reported on the Security Costs 
Estimates Display form for FY 2007. The SEC has a minimal level of involvement with 
classified information and that interest is primarily as a holder of classified material. 
Additionally, there is no SEC staff member dedicated to national security related 
activities on a full-time basis. 


If you have any questio ns concerning this response, please contact Darlene Pryor 


of my staff at 


(b)(6) 


Very truly yours, 



Diego T, Ruiz 
Executive Director 


Attachment 





Security Costs Estimates Display 

Name of Department/Agency: ^^curities and Exchange connission 


[PUasc ustf act ual do lla r ftsurcs instead of thousands) 


Reporting Categories | FY 2007 

1. Personnel Security 

$14,115 

2. Physical Security 


3. information Security 


[9.) Classification Management 


(b.) DeciassificaUon 


(c.) fnformation Systems Security for Ctassifiecf Information 


(d.) Miscellaneous (OPSEC & TSCM) 


(e.) information Security Sut^Totai 

(Sum of 3.3., 3.b., 3.C., & 3M.} 


4. Professional Education, Training and Awareness 


5. Security Management, Oversight and Planning 


6. Unique Items 


Totals: Fiscal Year Estimates 

(Sum of 1,2, 3(e.), 4, 5, &6.J 

$14,115 


NARRATIVE: 

The SEC has limited involvement with classified material and national security 
related activities generally. None of the EEC’s staff is dedicated to security 
classification, activities on a full-time basis. 








UNTED STATES 

SECURITIES AND EXCHANGE COMMISSION 
WASHINGTON, D,C, 20549 


□FFK^CFIHE 

CXECimV^OlWCtOft 


February 19, 2009 


Mr. William J. Bosanko 
Director 

Information Security Oversight Office 
National Archives and Records Administration 
700 Pennsylvania Avenue, N.W, 

Washington, D.C. 20408 


Dear Mr. Bosanko: 

In connection with annual reporting requirements of Executive Order 12598, as 
amended, “Classified National Security Information,” and Executive Order 12829, 
“National Industrial Security Program,” enclosed is the U. S. Securities and Exchange 
Commission (SEC) estimated security costs for fiscal year (FY) 2008, associated with the 
protection of classified information. 

As requested by your office, these costs are being reported on the Security Costs 
Estimates Display form for FY 2008. ITie SEC has a minimal level of involvement with 
classified information and that interest is primarily as a holder of classified material. 
Additionally, there is no SEC slafT member dedicated to national security related 
activities on a full-time basis. 

If you have any questio ns concerning this response, please contact Carl Schilling 


of my staff at (b)(6) 


Very truly yours, 



Attachment 



Security Costs Estimates Display 

Name of Deparfment/Agency: U. S* Securities and Exchange Conmission 


- - -_________ (Please use adual <Jo1br figures msaad of thousantis 

Reporting Categories I py 2008 


1. Personnel Security 


2. Physical Security 


3. Information Securit 



(c.) Information Systems Secun'ty for Classified Information 
(d.) Miscellaneous fOPSEC <S TSCM; ~ 


4. Professional Education, Training and Awareness 


5. Security Management, Oversight and Planning 

6, Unique Items 



Totals; Fiscal Year Estimates 

_fSumof 1,2, 3(0,b,c,d), 4, S, & 6.] 


$35,283 


NARRATIVE: 


The SBC has limited involvement with classified raaterial and national security 
related activities generally. Presently, there is no SEC staff itoiibers dedicated to 
security classification activities on a full-time basis. The increase in 
personnel security costs in FY2008 over FY2007 is due primarily to cciipleting 
required periodic reinvestigations of SEC staff with, current security clearances and 
obtaining clearances for several staff merribers involved in inter-agency assigmients 
that require national security clearances. 





UNITED STATES 

SECURITIES AND EXCHANGE COMMISSION 
WASHINGTON, D.C. 20S49 


executive director 


February 25,2010 



Mr. William J. Bosanko 
Director 

Information Security Oversi^t Office 
National Archives and Records Administration 
700 Pennsylvania Avenue, N.W. 

Washington, D.C. 20408 

Dear Mr. Bosanko: 

In connection with annual reporting requirements of Executive Order 12598, as 
amended, “Classified National Security Information,” and Executive Order 12829, 
“National Industrial Security Program,” enclosed is the U. S. Securities and Exchange 
Commission (SEC) estimated security costs for fiscal year (FY) 2009, associated with the 
protection of classified information. 

As requested by your office, these costs are being reported on the Security Costs 
Estimates Display fonn for FY 2009. The SEC has a minimal level of involvement with 
classified information and that interest is primarily as a holder of classified material. 
Additionally, there is no SEC staff member dedicated to national security related 
activities on a full-time basis. 

If you have anv questio ns concerning this response, please contact Carl Schilling 


of my staff at |(*^)(^) 


Very truly yours, 



Attachment 



Security Costs Estimates Display 


Name of Department/Agency; U. S. securities and Exchange Canmlssion 


Point of Contact (Name/phone number): 


Carl Schilling 


(b)(6) 


(Please use aciual dollar figures, injlead orihoustnJs] 


Reporting Categories 

FY 2009 

1. Personnel Security 

$53,134 

2. Physical Security 


3. Information Security 


(a) CiassfTtcation Management 


(t) De^fassiftcation 


(c) information Systems Security for Oassifted Information 


(d) Miscoftaneous (OPSEC & TSCM) 

- 

4. Professional Education, Training, and Awareness 


S. Security Management, Oversight, and Planning 


6. Unique Items 

! 


Totals: Fiscal Year Estimates 

(Sum ol 1. 2, 3jci), 3(b). 3[ci, 3(0), 4, 5, & 6) 

$53,134 


NARRATIVE: 


Per 5 ?annel Security Costs: 

The Sec has limited involvonaent with classified material and national 
security related activities generally- Presently/ there are no SEC 
staff members dedicated to security classification activities on a full-time 
basis- The increase in personnel security costs in FY2009 over FY2008 is due 
primarily to coicpletir^ required periodic reinvestigations of SEC staff 
with current national security clearances and obtaining security clear^ces 
for staff members requiring clearances in connection with official duties- 
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UNITED STATES 



SECURITIES AND EXCHANGE COMMISSION 

WASHINGTON, D.C. ZOSCS 


OFFICE OF THE 
EXECUTIVE DIRECTOR 


March?, 2011 


Mr. William J. Bosanko 
Director 

Information Security Oversight Office 
National Archives and Records Administration 
700 Pennsylvania Avenue, N.W. 

Washington, D,C. 20408 


Dear Mr. Bosanko: 

In connection with annual reporting requirements of Executive Order 13526, 
“Classified National Security Information,” and Executive Order 12829, as amended, 
‘'National Industrial Security Program,” enclosed is the U. S. Securities and Exchange 
Commission (SEC) estimated security costs for fiscal year (FY) 2009, associated with the 
protection of classified information. 

As requested by your office, these costs are being reported on the Security Costs 
Estimates form for FY 2010. The SEC has a minimal level of involvement with 
classified information and that interest is primarily as a holder of classified material. 
Additionally, there is no SEC staff member dedicated to national security related 
activities on a full-time basis. 


If you have any question s concerning this response, please contact Carl Schilling 


of mv staff at (b)(6) 


Very trulyvours. 



Die^o T. Ruiz 
Executive Director 


Attachment 




Security Costs Estimates 


Depart m^nt/Agftncy: 


Securities and Exchange Commission 


Fiscal Year; 


jaoio 


Point of Contact: 
(Name and phone 
number) 


Carl Schilling 

{b)(6) 


RePOrtinCi Categories ^P^ease use actual dollarfgures instead ofthousarxls) 


1. Personnel Security 

(indude deorcnce program, iniifaf /n veitigarkms, narional ogsn cy checks when uj for basis for granting a cfearance, adjudicotlon, reinvestigo Uon, 
polygraph associated with dasslfication related activities} 

2. Physical Security 

(indufiephysical sffcariry equipment, protective forces, Intrusion detection and assessment, barrier/controis, tamper-sak monitoring, access controi/badging, 
visitor control associated with dassigcation rehted activities} 


$ 0.00 


$ 16 , 246.00 


3. information Security 


(only report ccffs associated with dassification reiated activities) 

(a) Classification Management 


$ 0,00 


(include resources used to Identify, control, transfer, transmsX retrieve, inventory, archive, declassify, or destroy chsstfied irtfonnation) 

(b) Decfassj'A'catfon 


$ 0.00 


(tndude resources used to Identify and process Iriformatlon subject to the automatic, systematic, or mandatory revievr programs authorized by Executive 
order Of statute) 

(c) Information Systems Security for Classified fn/or/nafron 

(include resources used protiecf information sys term from unau thorUed access or modiricatfon of information, and against the denial of service to 
authorized users, induding measures necessary to detect, document, and counter such threats) 

(d) M/5ce//oneou5 (OPSEC and TSCM) 


$ 0.00 


$ 0.00 


(include personryel and operating expenses associated with These programs) 

4. Professional Education, Training, and Awareness 

finefude resources used to establish, maintain, direct support, and assess an infotmaticn security training and awareness program; certificatior: and approval 
of the training program; devehpmerit, management, and maintenance of training records; training of personnel to perforrn tasks: arid qualification and/or 
cerdficatiQn of personnel associated with clas^hcation related activities) 

5. Security Management, Oversight, and Planning 

(include resources associated with research, test, and evaluation; surveys, reviews, accredhadon, and assessments: special access programs; security and 
investigative matters; industrial security; and foreign ownership, contnoD, or influence (fOCi)) 

6. Unique Items 

(indude deportmer\t/oger\cy-speciflc activities nof reported in any of the categories fisted above but are nanetheiess significant and need to be Included) 

Total (sum of 1,2,3(a1,3(b], 3(c), 3(d], 4,5, and 6) 


$16,246 


$ 0.00 


$ 0.00 


$ 0.00 


N arrati ve; provide a brief explanation of any ^gnificonce difference beVweert iastyeefs orid this yeafs cost estimates. Explain Items entered 
into Stock 6. Ur^ique Items. 

The SEC has limited involvement with classified material and national security related activities 
generally. Presently, there is no SEC staff members dedicated to security classification activities 
on a full-time basis. The decrease in personnel security costs In FY2010 is due primarily to 
completing fewer required periodic reinvestigations of SEC staff with current national security 
clearances and obtaining national clearances for staff members involved in assignments 
requiring national security clearances. 


Page 1 of4 






























AGENCY SECURITY CLASSIFICATION COSTS ESTIMATES 


Department/Agency: OFRMS/SEC 

Fiscal Year: 2011 


Point of Contact; 

(Name and phone number) Benne 

(b)(6) 



Reporting Categories 


Please use actual dollar figures. 


1. Personnel Security 

{inctudG ctearartce program, mitial investigations, nationat agency checks when used as basis for 
granting a clearance, adjudication, reinvestigatlon, polygraph associated with classification-related activities) 


$28,035,00 


2. Physical Security 

(incfude physical security equipment, protective foxes, intrusion detection and assessment 
bamer/controfs, tamper-safe monitoriryg, access contml/badging, visitor control associated with 
ciassification-reiated activities) 

3. Classification Management 

(include resources used fo identify, control transfer, transmit, retrieve, inventory, axhive, 
declassify, or destroy ciassified information) 

4. Declassification 

(include resources used to identify and process information subject to the automatic, systematic, 
discretionar/^ or mandatory review programs authorized by Executive Order or Statute) 

5. Protection and Maintenance for Classified Information Systems 

(mclude resources used to protect and maintain classified infonnafion systems from unauthorized 
access or modification of information, and against the denial of service to authorized users, 
including measures necessary to detect document, and counter such threats) 

6. Operations Security and Technical Surveillance Countermeasures 

(include personnel and operating expenses associated with OPSEC and TSCM) 

7. Professional Education, Training, and Awareness 

(include resources used to establish, maintain, direct, support, and assess an ifrhrmatipn security 
training and awareness program; certification and approval of the irainmg program; tfe^e/opmerrt, 
management, and maintenance of training records; training of personnel to perform tasks: and 
quefification and/or certification of personnel associated with cfassification-refated activities) 


$ 0.00 


$65,000.00 


$ 0.00 


$5,590.80 


$3,000.00 


$ 0.00 


8. Security Management, Oversight, and Planning 

(include resources associated with research, test, and evaluation; surveys, reviews, accreditation, 
and assessments, special access programs; security and investigative matters: industrial security; 
and foreign ownership, control, or influence (POCi)) 

9. Unique items 

(include department/agerKy-specific activities not reported in any of the categories listed above, 
but are nonetheiess significant and need to be inciuded) 

TOTAL 

(sum of items 1-9) 



Narrative: Provide a brief explanation of any significant difference between last year's and this year's cost 
estimates. Explain items erjtered into block 9 , Unique Items. 

Cast estimates were based on the number of SSBIs issued in 2011, the salary of an FTE that manages 
classified Information, maintenance of COMSEC equipment, and the cost of TSCMs conducted in 2011, 


AUTHORIZED FOR LOCAL REPRODUCTION 
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National Archives and records Administration 


STANDARD FORM 7ie (07-11) 
Prescribed by NARA/ISOO 
32 CFR Part 2001.90 E.O. 13526 






























Instructions for Completing Form 


L General: The data reported will be Government cost estimates onfy. The estimates of resource costs should be 
reported, in the aggregate, for the following categories: (1) Personnel Security; (2) Physical Security: (3) Classification 
Management; (4) Declassification; (5) Protection and Maintenance for Classified information Systems; (6) Operations 
Security and Technical Surveillance Countermeasures; (7) Professional Education, Training, and Awareness; (8) 
Security Management, Oversight, and Planning: and (9) Unique Items. In reporting cost estimates associated with the 
security and management of classified information, please exclude all costs related to broad areas of assets protection 
(i.e., protection of property and personnel not specifically related to classified information). Counterintelligence* 
resources should also not be included in this data collection. If 51% or more of a resource is devoted to a classification- 
related activity, it should be included in this estimate. For those resources used for classification-related activities on a 
part-time basis, the total time devoted to these activities over a year must be at least 51% in order to be included in this 
estimate. Even though we no longer ask for the number of FTEs, the cost of personnel associated with the security of 
classified information should be included in the overall cost estimate for each category. 

IL Definitions of data to be reported: The primary categories are defined below along with related functional areas to 
be considered for inclusion. Report only those cost estimates associated with classification-related activities 
(programs that affect the security of classified information). 

1. Personnel Security: A series of interlocking and mutually supporting program elements that initially establish a 
Government or contractor employee's eligibility, and ensure suitability for the continued access to classified 
information. 

Clearance Program: Personnel and activities to determine eligibility and suitability for initial or continuing 
access to classified information or activities. 

Initial Investigations; Completing and reviewing Personnel Security Questionnaire, initial screening, filing data 
in Central Personnel Database, forwarding to appropriate investigative authority, and the investigation itself 

National Agency Check: Include only when used for basis for granting a clearance. 

Adjudication: Screening and analysis of personnel security cases for determining eligibility for classified 
access authorizations and appeals process. 

Re investigations: Periodic recurring investigations of Government and contractor personnel. 

Polygraph: Substantive examinations in security screening process, 

2. Physical Security: That portion of security concerned with physical measures designed to safeguard and protect 
classified facilities and information, domestic or foreign. 

Physical Security Equipment: Any item, device, or system that is used primarily for the protection of classified 
information and installations 

Protective Forces: All personnel and operating costs associated with protective forces used to safeguard 
classified information or installations, to include but not limited to salaries, overtime, benefits, materials and 
supplies, equipment and facilities, vehicles, aircraft, training, communications equipment, and management- 

intrusion Detection and Assessment: Alarms, sensors, protective lighting, and their control systems; and the 
assessment of the reliability, accuracy, timeliness, and effectiveness of those systems used to safeguard 
classified information or installations. 

Barrier/Controls: Walls, fences, barricades, or other fabricated or natural impediments to restrict, limit, delay, 
or deny entry into a classified installation. 


* Counterintelligence means information gathered and activities conducted to protect against espionage, other 
intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations or persons 
or international terrorist activities, but not including personnel, physical, document, or communications security programs. 
(48CFR 970.0404-1) 


AUTHORIZED FOR LOCAL REPRODUCTION 
Page 2 014 


National Archives and Records Administration 


STANDARD FORM 7ie (07-11) 
Prescribed by NARA/ISOO 
32 CFR Part 2001.90 E.O. 13526 



Instructions for completing form, continued 

Vital Components and Tamper^afe Monitoring: Personnel and operating activities associated with the 
monitoring of tamper indicating devices for containers, doors, fences, etc., which reveal violations of 
containment integrity and posting and monitoring of anti-tamper warnings or signs. 

Access Control/Badglng; Personnel and hardware such as badging systems, card readers, turnstiles, metai 
detectors, cipher locks, CCTV, and other access control mechanisms to ensure that only authorized persons are 
allowed to enter or leave a classified facility. 

Visitor Control: Personnel and activities associated with processing visitors for access to facilities holding 
classified information, 

3. Classification Management: The system of administrative policies and procedures for identifying, controlling, 
and protecting from unauthorized disclosure, classified information, the protection of which is authorized by 
Executive Order or Statute, Classification management encompasses those resources used to identify, control, 
transfer, transmit, retrieve, inventory, archive, declassify, or destroy classified information. 

4. Declassification: The authorized change in the status of information from classified information to unclassified 
information. It encompasses those resources used to identify and process information subject to the automatic, 
systematic, or mandatory review programs authorized by Executive Order or Statute. 

5. Protection and Maintenance for Classified Information Systems: A classified information system is a set of 
information resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination, 
disposition, display, or transmission of classified information Security of these systems involves the protection of 
information systems against unauthorized access to or modification of information, whether in storage, processing, 
or transit, and against the denial of service to authorized users, including those measures necessary to detect, 
document and counter such threats. This includes TEMPEST (short name referring to investigation, study, and 
control of compromising emanations from Information systems equipment) and Communications Security 
(COMSEC) (measures and controls taken to deny unauthorized individuals information derived from 
telecommunications and to ensure the authenticity of such telecommunications. Communications security includes 
cryptosecurity, transmission security, emission security, and physical security of COMSEC material). 

6. Operations Security (OPSEC) and Technical Surveillance Countermeasures (TSCM): 

Operations Security (OPSEC): Systematic and proven process by which potential adversaries can be denied 
information about capabilities and intentions by identifying, controlling, and protecting generally unclassified 
evidence of the planning and execution of sensitive activities. The process involves five steps: identification of 
critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of 
appropriate countermeasures. 

Technical Surveillance Countermeasures (TSCM): Personnel and operating expenses associated with the 
development, training, and application of technical security countermeasures such as non-destructive and 
destructive searches, electromagnetic energy searches, and telephone system searches. 

7. Professional Education, Training, and Awareness: The establishment, maintenance, direction, support, and 
assessment of an information security training and awareness program; the certification and approval of the training 
program; the development, management, and maintenance of training records; the training of personnel to perform 
tasks associated with their duties; and qualification and/or certification of personnel before assignment of security 
responsibilities related to classified information. 

6, Security Management, Oversight, and Planning: Development and Implementation of plans, procedures, and 
actions to accomplish policy requirements, develop budget and resource requirements, oversee organizational 
activities, and respond to management requests related to classified information. 

Research, Test and Evaluation: The development, management, and oversight of an acceptance and 
validation testing and evaluation program, corrective action reports and related documentation that addresses 
safeguards and security elements. The examination and testing of physical security systems (construction, 
facilities, and equipment) to ensure their effectiveness and operability and compliance with applicable directives. 
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Instructions for completing form, continued 


Surveys^ Reviews, Accreditation, and Assessments: Personnel and activities associated with surveys, 
reviews, accreditations, and assessments to determine the status of the security program and to evaluate its 
effectiveness; development and management of a facility survey and approval program; facility pre-survey; and 
information technology system accreditation. 

Special Access Programs (SAP): Programs established for a specific class of classified information that 
impose safeguarding and access requirements (hat exceed those normally required for information at the same 
classification level. Unless specifically authorized by the President, only the Secretaries of State, Defense, 
Energy, and the Director of National Intelligence may create an SAP. Sensitive Compartmented Information 
(SCI) programs are not included as SAPs for the purpose of these estimates; rather SCI security costs are 
integrated and estimated throughout all categories as appropriate. Do not include costs here that have been 
reported under the other primary categories. 

Security and Investigative Matters; The investigation of security incidents, infractions, and violations. 

Industrial Security (Non-Contractor Costs): Those measures and resources directly identifiable as 
Government activities performed for the protection of classified information to which contractors, subcontractors, 
vendors, or suppliers have access or possession. Examples of such activities are industrial security reviews, 
surveys, and the granting of facility clearances, and National Industrial Security Program management and 
administration. 

Foreign Ownership, Control, or Influence (FOCI): The development and management of a foreign ownership, 
control, or influence program: evaluation of FOCI submissions; the administration and monitoring of FOCI 
information and development of FOCI notifications. 

9. Unique Items: Those department/agency-specific activities that are not reported in any of the primary categories 
but are nonetheless significant, and need to be included, should be noted in this category. Any unique item must 
include a narrative on why it should be included and how the figures were developed. 

IIL How to complete the security costs estimates form. The form (page 1) should include estimates of resource costs 
in the aggregate for each of the nine categories. The cost estimates reported should not include costs associated with 
the broader area of assets protection. 

1. Name of Department/Agency: Self-explanatory. 

2. Reporting Categories; List cost estimates in dollar amounts. The cost of personnel associated with the security 
of classified information should be included in the overall cost estimate for each category. If there are no cost 
estimates to be reported for a particular category, indicate with a "0" in the appropriate block. 

3. Totals: The totals for blocks 1-9 will automatically be placed in the appropriate block. 

4. Narrative: In the narrative portion of the form, or in a separate attachment, provide a brief explanation of how cost 
estimates were determined. If there is a significant difference between the total figures for each fiscal year, explain 
the differences. Any figure reported within the Unique Items category should be clearly explained in the narrative 
portion. 
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AGENCY SECURITY CLASSIFICATION COSTS ESTIMATES 


Department/Agency: oss/oso/SEC 


Fiscal Year: 2012 



Point of Contact: 

{Name and phone number) Bennett 

(b)(6) 


Reporting Categories 

Please use actual dollar figures. 

1. Personnel Security 

$9,000.00 


{fnctude cieafsnce program, initiaf investigathns, nationaf agency checks when used as basis far 
granting a cfearance, adjudication, reinvestigation. potygraph associated with cfassiftcation-refated activities} 


2. Physical Security 

(inctude physical security equipment, protective forces, inlrusior^ detection and assessment 
barrier/controis, tamper-safe monitoring, access control/badging, visitor control associated with 
cfassification-reiated activities) 

3. Classification Management 

(incfude resources used to identify, control, transfer, transmit, retrieve, inventory, archive, 
decfassify, or destroy ciassified information} 

A. Declassification 

(include resources used to identify and process information subject fo the automatic, systematic, 
discretionary, or mandatory review programs authorized by Executive Order or Statute) 

5. Protection and Maintenance for Classified Information Systems 

(incfude resources used to protect and maintairr classified information systems from unauthonzed 
access or modification of information, and against the deniai of service to authorized users, 
inciuding measures necessary to detect, document, and counter such threats) 

6. Operations Security and Technical Surveillance Countermeasures 

(inctude personnei and operating expenses associated with QPSEC and TSCM) 

1. Professional Education, Training, and Awareness 

(incfude resources used to estabfish, maintain, direct, support, and assess an information security 
training and awareness program, certification and approvai of the training program; development, 
management, and maintenance of training records; framing of personnel to perform tasks: and 
qualification and/or certification of personnel associated with cfassification-reiated activities) 


$ 0,00 


$65,000.00 


$ 0.00 


$ 0.00 


$7,800.00 


$ 0.00 


8. Security Management, Oversight, and Planning 

(incfude resources associated with research, test, and evaiuation, surveys, reviews, accreditation, 
and assessments; spedaf access programs; security and investigative matters: industrial security, 
and foreign ownership, controf or influence (FOCi)) 

9. Unique Items 

(incfude department/agency-specific activities not reported in any of the categones fisted above, 
but are nonetheless signiffcant and need to be Inciuded) 

TOTAL 

(sum of items 1-9) 



Narrative: Provide a brief explanation of any sigr)ihcant difference between fast year's and this year’s cost 
estimates^ Explain items enter^ed into block 9, Unique items. 

Cost estimates were based on the number of SSBI’s issued for 2012, the salary of an FTE that manages 
classified information, and the cost of TSCMs conducted in 2012. 
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Instructions for Completing Form 


L General: The data reported will be Government cost estimates only. The estimates of resource costs should be 
reported, in the aggregate, for the following categories: (1) Personnel Security; (2) Physical Security; (3) Classification 
Management: [4) Declassification: (5) Protection and Maintenance for Classified information Systems; (6) Operations 
Security and Technical Surveillance Countermeasures, (7} Professional Education, Training, and Awareness; (8) 
Security Management Oversight, and Planning; and (9) Unique Items, In reporting cost estimates associated with the 
security and management of classified information, please exclude all costs related to broad areas of assets protection 
(i,e,, protection of property and personnel not specifically related to classified information). Counterintelligence* 
resources should also not be included in this data collection. If 51 % or more of a resource is devoted to a classification- 
related activity, it should be included in this estimate. For those resources used for classification-related activities on a 
part-time basis, the total time devoted to these activities over a year must be at least 51% in order to be included in this 
estimate. Even though we no longer ask for the number of FTEs, the cost of personnel associated with the security of 
classified information should be included in the overall cost estimate for each category. 

II. Definitions of data to be reported: The primary categories are defined below along with related functional areas to 
be considered for inclusion. Report only those cost estimates associated with classification-related activities 
(programs that affect the security of classified information). 

1 . Personnel Security: A series of interlocking and mutually supporting program elements that initially establish a 
Government or contractor employee's eligibility, and ensure suitability for the continued access to classified 
information. 

Clearance Program: Personnel and activities to determine eligibility and suitability for initial or continuing 
access to classified information or activities. 

Initial Investigations: Completing and reviewing Personnel Security Questionnaire, initial screening, filing data 
in Central Personnel Database, forwarding to appropriate investigative authority, and the investigation itself. 

National Agency Check: Include only when used for basis for granting a clearance. 

Adjudication: Screening and analysis of personnel security cases for determining eligibility for classified 
access authorizations and appeals process. 

Re investigations: Periodic recurring investigations of Government and contractor personnei. 

Polygraph: Substantive examinations in security screening process. 

2. Physical Security: That portion of security concerned with physical measures designed to safeguard and protect 
classified facilities and information, domestic or foreign. 

Physical Security Equipment: Any item, device, or system that is used primarily for the protection of classified 
information and installations. 

Protective Forces; All personnel and operating costs associated v^th protective forces used to safeguard 
classified information or installations, to include but not limited to salaries, overtime, benefits, materials and 
supplies, equipment and facilities, vehicles, aircraft, training, communications equipment, and management. 

Intrusion Detection and Assessment; Alarms, sensors, protective lighting, and their control systems; and the 
assessment of the reliability, accuracy, timeliness, and effectiveness of those systems used to safeguard 
classified information or installations, 

Barrier/Controls: Walls, fences, barricades, or other fabricated or natural impediments to restrict, limit, delay, 
or deny entry into a classified installation. 


* Counterintelligence means Information gathered and activities conducted to protect against espionage, other 
intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations or persons 
or international terrorist activities, but not including personnel, physical, document, or communications security programs. 
(48 CFR 970.0404-1) 
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Instructions for completing form, continued 


Vital Components and Tamper-Safe Monitoring: Personnel and operating activities associated with the 
moniloring of tamper indicating devices for containers, doors, fences, etc., which reveal violations of 
containment integrity and posting and moniloring of anti-tamper warnings or signs. 

Access Control/Badging: Personnel and hardware such as badging systems, card readers, turnstiles, metal 
detectors, cipher locks, CCTV, and other access control mechanisms to ensure that only authorized persons are 
allowed to enter or leave a classified facility. 

Visitor Control: Personnel and activities associated with processing visitors for access to facilities holding 
classified information. 

3. Classification Management: The system of administrative policies and procedures for identifying, controlling, 
and protecting from unauthorized disclosure, classified information, the protection of which is authorized by 
Executive Order or Statute, Classification management encompasses those resources used to identify, control, 
transfer, transmit, retrieve, inventory, archive, declassify, or destroy classified information. 

4. Declassification: The authorized change in the status of information from classified information to unclassified 
information. It encompasses those resources used to identify and process information subject to the automatic, 
systematic, or mandatory review programs authorized by Executive Order or Statute. 

5. Protection and Maintenance for Classified Information Systems: A classified information system is a set of 
information resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination, 
disposition, display, or transrnission of classified information. Security of these systems involves the protection of 
information systems against unauthorized access to or modification of information, whether in storage, processing, 
or transit, and against the denial of service to authorized users, including those measures necessary to detect, 
document and counter such threats. This includes TEMPEST (short name referring to investigation, study, and 
control of compromising emanations from information systems equipment) and Communications Security 
(COMSEC) (measures and controls taken to deny unauthorized individuals information derived from 
telecommunications and to ensure the authenticity of such telecommunications. Communications security includes 
cryptosecurity, transmission security, emission security, and physical security of COMSEC material). 

6. Operations Security (OPSEC) and Technical Surveillance Countermeasures (TSCM): 

Operations Security (OPSEC): Systematic and proven process by which potential adversaries can be denied 
information about capabilities and intentions by identifying, controlling, and protecting generally unclassified 
evidence of the planning and execution of sensitive activities. The process involves five steps; identification of 
critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of 
appropriate countermeasures. 

Technical Surveillance Countermeasures <TSCM); Personnel and operating expenses associated with the 
development, training, and application of technical security countermeasures such as non-destructive and 
destructive searches, electromagnetic energy searches, and telephone system searches, 

7. Professional Education, Training, and Awareness: The establishment, maintenance, direction, support, and 
assessment of an information security training and awareness program; the certification and approval of the training 
program; the development, management, and maintenance of training records; the training of personnel to perform 
tasks associated with their duties; and qualification and/or certification of personnel before assignment of security 
responsibilities related to classified information. 

S. Security Management, Oversight, and Pianning: Development and implementation of plans, procedures, and 
actions to accomplish policy requirements, develop budget and resource requirements, oversee organizational 
activities, and respond to management requests related to classified infornnation. 

Research, Test, and Evaluation; The development, management, and oversight of an acceptance and 
validation testing and evaluation program, corrective action reports and related documentation that addresses 
safeguards and security elements. The examination and testing of physical security systems (construction, 
facilities, and equipment) to ensure their effectiveness and operability and compliance with applicable directives. 


NATIONAL ARCHIVES AND RECORDS ADMINISTRATION AUTHORIZED FOR LOCAL REPRODUCTION 

Pages of 4 


STANDARD FORM 716 (07-11) 
Prescribed by NARA/ISOO 
32CFR Part2001.90 EC. 1352S 



Instructions for completing fonn, continued 

Surveys, Reviews, Accreditation, and Assessments: Personnel and activities associated with surveys, 
reviews, accreditations, and assessments to determine the status of Ihe security program and to evaluate its 
effectiveness; development and management of a facility survey and approval program, facility pre-survey; and 
information technofogy system accreditation. 

Special Access Programs (SAP): Programs established for a specific class of classified information that 
impose safeguarding and access requirements that exceed those normally required for information at the same 
classification level. Unless specifically authorized by the President, only the Secretaries of State, Defense, 
Energy, and the Director of National Intelligence may create an SAP. Sensitive Compartmented Information 
(SCI) programs are not included as SAPs for the purpose of these estimates: rather SCI security costs are 
integrated and estimated throughout all categories as appropriate. Do not include costs here that have been 
reported under the other primary categories. 

Security and Investigative Matters: The investigation of security incidents, infractions, and violations. 

Industrial Security (Non-Contractor Costs); Those measures and resources directly identifiable as 
Government activities performed for the protection of classified information to which contractors, subcontractors, 
vendors, or suppliers have access or possession. Examples of such activities are industrial security reviews, 
surveys, and the granting of facility clearances, and National Industrial Security Program management and 
administration. 

Foreigrr Ownership, Control, or Influence (FOCI): The development and management of a foreign ownership, 
control, or influence program; evaluation of FOCI submissions; the administration and monitoring of FOCI 
information and development of FOCI notifications. 

9. Unique Items; Those department/agency-specific activities that are not reported in any of the primary categories 
but are nonetheless significant and need to be included, should be noted in this category. Any unique item must 
include a narrative on why it should be included and how the figures were developed. 

IIL Kow to complete the security costs estimates form. The form (page 1) should include estimates of resource costs 
in the aggregate for each of the nine categories. The cost estimates reported should not include costs associated with 
the broader area of assets protection. 

1 . Name of Department/Agency: Self-explanatory. 

2. Reporting Categories: List cost estimates in dollar amounts. The cost of personnel associated with the security 
of classified information should be included in the overall cost estimate for each category. If there are no cost 
estimates to be reported for a particular category, indicate with a "0" in the appropriate block. 

3. Totals: The totals for blocks 1-9 will automatically be placed in the appropriate block. 

4. Narrative: In the narrative portion of the form, or in a separate attachment, provide a brief explanation of how cost 
estimates were determined. If there is a significant difference between the total figures for each fiscal year, explain 
the differences. Any figure reported within the Unique Items category should be clearly explained in the narrative 
portion. 
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AGENCY SECURITY CLASSIFICATION COSTS ESTIMATES 


Department/Agency; Securities and Exchange Commission 

Fiscal Year: 13 


Point of Contact; „ 

(Name and phone number) Drawhorn 

(b)(6) 



Reporting Categories 


Please use actual dallar figures. 


1. Personnel Security 

{inctudB clearance pmgram^ fniiial invastigations. national agency checks when used as basis for 
granting a clearance, adjudication, neinvestigation, polygraph associated with dassification-refated activities} 


$72,043.00 


2. Physical Security 

(include physical security equipment protective forces, intrusion detection and assessmeryf 
tarrier/controfs, tamper-safe monitoring, access cor}troi/badging, visitor controf associated with 
dassification-refated activities) 

3. Classification Management 

(include resources used to ider^tify, controi, transfer, transmit, mtheve. inventory, archive, 
deciassify, or destroy cfassifted information) 


$1116,817.28 


$28,333.331 


4. Declassification 

(include resources used to identify and process information subject to the automatic, systematic, 
discretionary, or mandatory review programs authoiiied by Executive Order or Statute) 


$0.00 


5. Protection and Maintenance for Classified Information Systems 

(include resources used to protect and maintain classified information systems from unauthorized 
access or modification of irjfcrmation, and against the denial of service to authorized users, 
inctuding measures necessary to detect, document and counter such threats) 


$0.00 


6. Operations Security and Technical Surveillance Countermeasures | ^ $0.00 

(include personnel and operating expenses associated with OPS£C and TSCM) 


7, Professional Education, Training, and Awareness 

(include resources used to establish, maintain, direct, support, and assess an information security 
training and awareness program; certification and approval of the training program, development, 
management, and maintenance of training records, training of personnel to perform tasks, and 
quafification and/or certification of personnel associated with ctassification-refated activities) 

B. Security Management, Oversight, and Planning [_^_ $300.00 

(inciude resources associated with research, fesf, and evaluation; surveys, reviews, accreditation, 
and assessments, special access programs, security and investigative matters; industrial security; 
and foreign ownership, centre!, or irtfluence (FOCi)} 


9. Unique Items 

(include departmerrt/agency-speciffC activities not reported in any (of the categories listed above, 
but are nonetheless significant and need to be inciuded) 


TOTAL 

(sum of items 1~9) 


$0.00 


$1219,993.61 


$ 2 , 000.00 


Narrative: Provide s brief explanation of any significant difference between iaat yeafs and this years cost 
estimates. Explain items entered into block 9, Unique items 

1. Conducled 13 initial investigations and 7 reinvestigations for TS clearance; 1 investigation for S 
clearance. 2. This year, physical security Includes guard services, access control, video monitoring, and 
visitor access control. 3. Estimated hours of classification management decreased. 7. Education/training 
increased because training was implemented in 2013, 
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Instructions for Completing Form 


I. General: The data reported will be Government cost estimates only. The estimates of resource costs should be 
reported, in the aggregate, for the following categories: (1) Personnel Security; (2) Physical Security, (3) Classifrcation 
Management; (4) Declassification; (5) Protection and Maintenance for Classified information Systems; (6) Operations 
Security and Technical Surveillance Countermeasures; (7) Professional Education, Training, and Awareness; (8) 
Security Management, Oversight, and Planning; and (9) Unique Items. In reporting cost estimates associated with the 
security and management of classified information, please exclude all costs related to broad areas of assets protection 
(i.e , protection of property and personnel not specifically related to classified information). Counterintelfigence* 
resources should also not be included in this data collection. If 51 % or more of a resource is devoted to a classification- 
related activity, it should be included in this estimate. For those resources used for classification-related activities on a 
part-time basis, the total time devoted to these activities over a year must be at least 51% in order to be included in this 
estimate. Even though we no longer ask for the number of FTEs, the cost of personnel associated with the security of 
classified information should be included in the overall cost estimate for each category, 

IL Definitions of data to be reported: The primary categories are defined below along with related functional areas to 
be considered for inclusion. Report only those cost estimates associated with classification-related activities 
(programs that affect the security of classified information), 

1. Personnel Security: A series of interlocking and mutually supporting program elements that initially establish a 
Government or contractor employee's eligibility, and ensure suitability for the continued access to classified 
information. 

Clearance Program: Personnel and activities to determine eligibility and suitability for initial or continuing 
access to classifed information or activities. 

Initial Investigations; Completing and reviewing Personnel Security Questionnaire, initial screening, filing data 
in Central Personnel Database, forwarding to appropriate investigative authority, and the investigation itself. 

National Agency Check: Include only when used for basis for granting a clearance. 

Adjudication; Screening and analysis of personnel security cases for determining eligibility for classified 
access authorizations and appeals process. 

Re investigations: Periodic recurring investigations of Government and contractor personnel. 

Polygraph: Substantive examinations in security screening process. 

2. Physical Security: That portion of security concerned with physical measures designed to safeguard and protect 
classified facilities and information, domestic or foreign. 

Physical Security Equipment: Any item, device, or system that is used primarily for the protection of classified 
information and installations. 

Protective Forces: All personnel and operating costs associated with protective forces used to safeguard 
classified information or installations, to include but not limited to salaries, overtime, benefits, materials and 
supplies, equipment and facilities, vehicles, aircraft, training, communications equipment, and management. 

Intrusion Detection and Assessment: Alarms, sensors, protective lighting, and their control systems; and the 
assessment of the reliability, accuracy, timeliness, and effectiveness of those systems used to safeguard 
classified information or installations. 

Banrier/Controls: Walls, fences, barricades, or other fabricated or natural impediments to restrict, limit, delay, 
or deny entry into a classified installation. 


* Counterintelligence means information gathered and activities conducted to protect against espionage, other 
intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations or persons 
or international terrorist activities, but not including personnel, physical, document, or communications security programs, 
(48CFR 970.0404-1) 
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Instructions for completing form, continued 


Vital Components and Tamper-Safe Monitoring: Personnel and operating activities associated with the 
monitoring of tamper indicating devices for containers, doors, fences, etc., which reveal violations of 
containment integrity and posting and monitoring of antMamper warnings or signs. 

Access Control/Badging: Personnel and hardware such as badging systems, card readers, turnstiles, metal 
detectors, cipher locks, CCTV, and other access control mechanisms to ensure that only authorized persons are 
allowed to enter or leave a classified facility. 

Visitor Control: Personnel and activities associated with processing visitors for access to facilities holding 
classified information. 

3. Classification Management: The system of administrative policies and procedures for identifying, controlling, 
and protecting from unauthorized disclosure, classified information, the protection of which is authorized by 
Executive Order or Statute. Classification management encompasses those resources used to identify, control, 
transfer, transmit, retrieve, inventory, archive, declassify, or destroy classified information 

4. Declassification: The authorized change in the status of information from classified information to unclassified 
information. It encompasses those resources used to identify and process information subject to the automatic, 
systematic, or mandatory review programs authorized by Executive Order or Statute. 

5. Protection and Maintenance for ClassKied Information Systems: A classified information system is a set of 
Information resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination, 
disposition, display, or transmission of classified information. Security of these systems involves the protection of 
Information systems against unauthorized access to or modification of information, whether in storage, processing, 
or transit, and against the denial of service to authorized users, including those measures necessary to detect, 
document and counter such threats. This includes TEMPEST (short name referring to investigation, study, and 
control of compromising emanations from information systems equipment) and Communications Security 
(COMSEC) (measures and controls taken to deny unauthorized individuals infoiTTiation derived from 
telecommunications and to ensure the authenticity of such telecommunications. Communications security includes 
cryptosecurity, transmission security, emission security, and physical security of COMSEC material). 

6. Operations Security (OPSEC) and Technical Surveillance Countermeasures (TSCM): 

Operations Security (OPSEC): Systematic and proven process by which potential adversaries can be denied 
information about capabilities and intentions by identifying, controlling, and protecting generally unclassified 
evidence of the planning and execution of sensitive activities. The process involves five steps: identification of 
critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of 
appropriate countermeasures. 

Technical Surveillance Countermeasures (TSCM): Personnel and operating expenses associated with the 
development, training, and application of technical security countermeasures such as norwJestructive and 
destructive searches, electromagnetic energy searches, and telephone system searches. 

7. Professional Education, Training, and Awareness: The establishment, maintenance, direction, support, and 
assessment of an information security training and awareness program; the certification and approval of the training 
program; the development, management, and maintenance of training records; the training of personnel to perform 
tasks associated with their duties; and qualification and/or certification of personnel before assignment of security 
responsibilflfes related to classified information. 

S. Security Management Oversight, and Planning: Development and implementation of plans, procedures, and 
actions to accomplish policy requirements, develop budget and resource requirements, oversee organizational 
activities, and respond to management requests related to classified information. 

Research, Test and Evaluation: The development, management, and oversight of an acceptance and 
validation testing and evaluation program, corrective action reports and related documentation that addresses 
safeguards and security elements. The examination and testing of physical security systems (construction, 
facilities, and equipment) to ensure their effectiveness and operability and compliance with applicable directives. 


AUTHORIZED FOR LOCAL REPRODUCTIOM 
Page 3 of 4 


National archives and records administration 


STANDARD FORM 71© [07-11) 
Prescribed by NARA/ISOO 
32 CFR Part 2001 90 E.O. 13526 



Instructions for completing form, continued 

Surveys, Reviews, Accreditation, and Assessments: Personnel and activities associated with surveys, 
reviews, accreditations, and assessments to determine the status of the security program and to evaluate its 
effectiveness; development and management of a facility survey and approval program; facility pre-survey; and 
information technology system accreditation, 

Special Access Programs (SAP): Programs established for a specific class of classified information that 
impose safeguarding and access requirements that exceed those normally required for information at the same 
classiffcation level. Unless specifically authorized by the President, only the Secretaries of State, Defense, 
Energy, and the Director of National Intelligence may create an SAP. Sensitive Compartmented Information 
(SCI) programs are not included as SAPs for the purpose of these estimates; rather SCI security costs are 
integrated and estimated throughout all categories as appropriate. Do not include costs here that have been 
reported under the other primary categories. 

Security and Investigative Matters: The investigation of security incidents, infractions, and violations. 

Industrial Security (Non^ontractor Costs); Those measures and resources directly identifiable as 
Government activities performed for the protection of classified information to which contractors, subcontractors, 
vendors, or suppliers have access or possession. Examples of such activities are industrial security reviews, 
surveys, and the granting of facility clearances, and National Industrial Security Program management and 
administration. 

Foreign Ownership, Control, or Influence (FOCI): The development and management of a foreign ownership, 
control, or influence program; evaluation of FOCI submissions, the administration and monitoring of FOCI 
information and development of FOCI notifications. 

9. Unique Items: Those department/agency-specific activities that are not reported in any of the primary categories 
but are nonetheless significant, and need to be included, should be noted in this category. Any unique item must 
include a narrative on why it should be included and how the figures were developed. 

ML How to complete the security costs estimates form. The form {page 1) should include estimates of resource costs 
in the aggregate for each of the nine categories. The cost estimates reported should not include costs associated with 
Ihe broader area of assets protection, 

1. Name of Department/Agency: Self-explanatory. 

2. Reporting Categories: List cost estimates in dollar amounts. The cost of personnel associated with the security 
of classified information should be included in the overall cost estimate for each category. If there are no cost 
estimates to be reported for a particular category, indicate with a ''0" in the appropriate block, 

3. Totals: The totals for blocks 1-9 will automatically be placed in the appropriate block. 

4. Narrative: In the narrative portion of the form, or in a separate attachment, provide a brief explanation of how cost 
estimates were determined. If there is a significant difference between the total figures for each fiscal year, explain 
the differences. Any figure reported within the Unique Items category should be clearly explained in the narrative 
portion, 
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AGENCY SECURITY CLASSIFICATION COSTS ESTIMATES 


Department/Agency: U.S. Securiires and E>tchange Commission 

Fiscal Year 201-4 


Point of Contact: . „ fTMTST- 1 

(Name and phone number) Woodall (b)(6) 

Reporting Categories 

Please use actual {foliar flgursa. 

1, Personnel Security | 

$77,584.00 


(intiudt Cteararxre investig^^ns^, (\a\ion^i agency QtiocRs wtian ijsetf as &asis for 

granting a rtdjtiditaiim, r^mvBstigaikyn, polygraph as^ocl^eO with activities) 


2. Physical Security 

1 $19,860.00 

physicai aecuniy egoifment pntecfiva fofcas, intrusion deteciian and 
berrier/ccntfois, tamper-safB monitoring, access controii^^sdging, visitor oonM associated with 
CitJsSification-fdatad activities} 



3 . Classification Management 

f ' ■ 

0 

{include re^soiffces used to identify, conUo!, transfer, transmit, retrieve, mventcry, archive, 
deciassify, or destroy ctassified irr^nuation} 



4 . Declassification 

Q 

(inctude resources used to iderrtif/ and process Mfomraffoji subject to to# automatic, sysf emetic, 
discretionary, or mandatory review pfcgrams suthorized by Exacutiva Order or Statute) 



5 . Protection and Maintenance for Classified Information Systems 

0 

(inciude resources used to protect snd maintain dessified information systems from imeothorized 
access or modifiedion of iiiforirmtiori and ageirrst ihe denial of service lo aLrr/iorpjetf users, 
inciac^g rtieasures /lecessao' to defect docurryent, and counter such threats} 



6. Operations Security and Technical Surveillance Countenneasuras 

I 

0 

{indude persotwei and operating eypense^ associated with CPSEC and TSCM) 



7. Professional Education, Training, and Awareness 

i 

b 

{include resources used to establish, maintain, direct, support, and assess an irrfdrmBtion security 
training and awarens^ program; certiiicution end approval of the training program: development, 
management, and maintenonce of tneming wcords; training ot pefsormef to perform tasks; and 
quaUfjc^Uon and/or certificatio/j of personnel assocls ted with cfessificotion-r&isted activities} 



8. Security Management, Oversight, and Planning 


O' 

(Include resources associated with research, test, and evafuaiior}; su/vsys. accreditation, 

and ^ssessFiienfs;' specisi access pregrams: security and invesUgaifve matters; industnal security: 
and foreign ownership, cor^troS, orinfhrenve (f<iCI)} 



9 . Unique Items 

0 

(iriclude departmeni/sge/Ky-specfflc activities not reported in any of ffte categories tisted abc ve, 
but are sfgnfftcetTi arfd need to be included} 



TOTAL 

$97,444.00 

(sumofifems 1-9) 



N arrative: Provide a brief explana tion of any signif/cant dtfferertce between last yearns and this yearns cost 
estimates. Expiain items entered into black 9, Unique Items. 

The FY13 submission erroneousiy indudeef costs assodated with security guard service, access controi 
system, video manitorins, and visitor access control, therefore, there is a substantial decrease in the cost 
reflected for FY14, 
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UNITED STATES 

SECURITIES AND EXCHANGE COMMISSION 
WASHINGTON, D.C. 20549 



OFnCEOF 

SUPf>ORT OPERATtONS 


Febraary 8,2016 


MEMORANDUM: 


FROM: 

SUBJECT: 


John P. Fitzpatrick 

Director, Information Security Oversight Office 
National Archives and Records Administration 

Barry Weilters 

Director, Office of Suppon Operations 

Report on Cost Estimates for Security Classification FY 2015 


This memorandum accompanies the United States Securities and Exchange Commission’s 
(SEC’s) Agency Security Classification Costs Estimate (SF 716). During FY 2015, the SEC 
completed construction and accreditation of the Sensitive Compartmenled Information Facility 
(SCIF), which resulted in an increase of annual costs this year. 


The point of contact f or this mem orandum is L eRov Woodall. S pecial Security Officer, Physical 
Security Operations at 1(b)(6) lol sec.gov or at (b)(6) 


Enclosures: Agency Security Classification Costs Estimate (SF 716) 





AGENCY SECURITY CLASSIFICATION COSTS ESTIMATES 


Departmerrt/Agency: U.S. Securities & Exchange Commission | Fiscal Year; 2015 


Point of Contact: 

(Name and phone number) 


LeRoy Woodall 


(b)(6) 


Reporting Categories 


Please use aclual dollar figures. 


1. Personnel Security 


$116,446.00 


(iiKiudc cfcamnce prograrjt. initial inveatigaiions, nathnai agency cftfiCAs when used aa basta for 
granting a clearsnce, adjodicstion, reinirestigMfan, potygraph sssocrated wHh ciassthcation-retaled actMties) 


2. Physical Security 

(include physicef security equipment protective farces, intrusion detection and assessment 
bafrier/tontmfs, tamper-safe monitoring, access control/bsdgrng, visitor control associated with 
classiTicatiorJ-related actMties) 

3. Classification Management 

(include resources used to identify, controf, transfer, transmit, retrieve, inventory, archive, 
declassify, or destroy classified information) 

4. Declassification 

(inch/de resources used to IderJtify and process intormation suhfject to the svtomatic, systematic, 
discretionary, or marjdetory review programs euthodzed by Executive Order or Sfafute; 

5. Protection and Maintenance for Classified Information Systems 

(irKkrde resources used to protect and maintain classic information systems from unauthorized 
access or modrficetior} of information, and against the denial of service to authorized users, 
including measures necessary to detect, document, and counter such threats) 

6 . Operations Security and Technical Sunreillance Countermeasures 

(include personnel and operating expenses associated with OPSEC and TSCM) 

7. Professional Education, Training, and Awareness 

(Include resources used fo establish, meintaitt, direct, support, end assess ari informatior} security 
tra/n/ng and awareness program; certification and approval of the training program: development, 
manegefTtenl arxi maintenance cf training records: trafr}ing ofpersor)nef perform tasks, and 
QualiTicatron andibrcertiftcatiortof personnel associated w^dassificatioryrctated activities} 



8 . Security Management, Oversight, and Planning 

(include resources associated with research, test, atxf evaluation: surveys^ reviews, accreditation, 
and assessments; spedai access programs: security and invesilgatlve matters: industrial security; 
and foreign ownership, control, ormfluence (FOCI)} 

S. Unique Items 

(include depariment^gerKy^pecific activAies not reported in any of the categories listed above, 
but are nonetheless stgryfftcarn and need to be incfuded) 

TOTAL 

(sum ofAems 1-9) 


$963,041.00 


Narrative: PiwkIb a bnafaxplanatian of any significant piffaranca between fast year’s and this year's cost 
astimates. Explain items entered into block 9, Unique Items. 

The increase is due to the construction and accreditation of the Sensitive Compartmented information 
Facility and the installation of the Joint Worldwide Intelligence Communication System, Homeland Secure 
Data Network, and the Crisis Management System. 
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UNITED STATES 



OFFICEOF 

SUPPORT OPERATIONS 


^ SECURITIES AND EXCHANGE COMMISSION 
WASHINGTON. D.C. 20549 


February 17, 2017 


MEMORANDUM FOR: Mark Bradley 

Director, Information Security Ovcrsiglit Office 
National Archives and Records Administration 


FROM: 


Barry Waiters 

Director, Office of Support Operations 


SUBJECT: 


Report on Cost Estimates for Security Classification FY 2016 


This memorandum accompanies the United States Securities and Exchange Commission 
(SEC's) Agency Security Classification Costs Estimates (SF 716). 


The point of contact for this memorandum is L eRoy Wo odall, Special Security Officer, 


Continuity of Operations and Safety Branch at 1(b)(6) ^ sec.gov or at (l^)(6) 


Enclosures: Agency Security Classification Costs Estimate (SF 716). 






AGENCY SECURITY CLASSIFICATION COSTS ESTIMATES 


Department/Agency: U.S. Securities & Exchange Commission 

Fiscal Year: 2016 


Point of Contact: . „ ^ 

(Name and phone number) LeRoy Woodal 

{b)(6) 



Reporting Categories 


Please use actual dollar figures. 


1 Personnel Security 

{include charaf^ce program, InittaUnyestigations, naUonai agency checks when used as basis for 
granting a ctearence, ad/udicadon, reinvestigatlon, poiygraph associated v^ith dassidcation-related aclMtfes) 


$37,475.00 


2. Physical Security 

(include physfcai security eguipment protecdye forces, intrusion detection and assessment, 
barner/controts, tawper-sah monitoring, access controi/badging, visnor control associated with 
Ctessifjcation-retated activates) 


3. Classification Management 

(Include resources used to identify, control, transfer, transmit, retrieve, inventory, archive, 
declassify, or destroy dassified information) 


4. Declassification 

ftndude resources used to tderHify and process information street to the automatic, systematic, 
discretionary, or mandatory review programs authofized by Executive Order or Statute) 


$186,082.001 


6 . Operations Security and Technical Surveillance Counteimeasures 

(include personnel and operating expenses essodated with OPSEC and TSCM) 

7. Professional Education. Training, and Awareness 

(include resources used to establish, maintain, direct, support and assess an informatlort security 
training and aw 3 rer)ess program; certificetton and approval of the training program; development, 
menagement, and maintenance of training records; traming of personnel to perform tasks; and 
qualification and/or cerHacailon ofpersonr^el associated wHh dassfTication-retated activities} 


5, Protection and Maintenance for Classified Information Systems 

ftndude resources used to protect and maintain classified inforrmiion systems from unauihonzed 
access or modification of information, and against the denial of service to authorized users, 
including measures necessary to detect, document, and counter such IhneafsJ 


8 , Security IVlanagement, Oversight, and Planning 

(inchide resources associated with research, test, and evehiation; surveys, reWews, accrediiatfon, 
and assessments: special access programs; secwfiy and investigative maffens; Industrial secunTjr; 
and foreign ownership, control, or influence (EOCi)) 

9. Unique Itenns 

(include depanmeni/agency-specific activniss not reporied in arryofthe categories listed above, 
but are nonetheless significant and need to be included) 

TOTAL 

(atrm of Homs f-9J 



Narrative! Provide e brief expisnation of any significant difference between fast year's and this year's cost 
estimates. Expiam items entered into block 9, Unique Hems, 

In FY 2016. the Sensitive Compartmented Information Facility became fully operational leading to a 
decrease in the cost estimates. Protection and Maintenance for Classified Information Systems includes 
the installation of HSDN and annual mainlenance cost of JWICS. 
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